//-----------------------------------------------------------------------------
+// Jonathan Westhues, split Nov 2006
+// Modified by Greg Jones, Jan 2009
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
// Routines to support ISO 15693. This includes both the reader software and
// the `fake tag' modes, but at the moment I've implemented only the reader
// stuff, and that barely.
-// Jonathan Westhues, split Nov 2006
-
-// Modified by Greg Jones, Jan 2009 to perform modulation onboard in arm rather than on PC
+// Modified to perform modulation onboard in arm rather than on PC
// Also added additional reader commands (SELECT, READ etc.)
-
//-----------------------------------------------------------------------------
-#include <proxmark3.h>
+
+#include "proxmark3.h"
+#include "util.h"
#include "apps.h"
+#include "string.h"
// FROM winsrc\prox.h //////////////////////////////////
#define arraylen(x) (sizeof(x)/sizeof((x)[0]))
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
};
-static void CodeIso15693AsReader(BYTE *cmd, int n)
+static void CodeIso15693AsReader(uint8_t *cmd, int n)
{
int i, j;
//-----------------------------------------------------------------------------
// The CRC used by ISO 15693.
//-----------------------------------------------------------------------------
-static WORD Crc(BYTE *v, int n)
+static uint16_t Crc(uint8_t *v, int n)
{
- DWORD reg;
+ uint32_t reg;
int i, j;
reg = 0xffff;
for(i = 0; i < n; i++) {
- reg = reg ^ ((DWORD)v[i]);
+ reg = reg ^ ((uint32_t)v[i]);
for (j = 0; j < 8; j++) {
if (reg & 0x0001) {
reg = (reg >> 1) ^ 0x8408;
{
size_t dest_len = strlen(dest);
size_t i;
-
+
for (i = 0 ; src[i] != '\0' ; i++)
dest[dest_len + i] = src[i];
dest[dest_len + i] = '\0';
-
+
return dest;
}
//-----------------------------------------------------------------------------
static void BuildIdentifyRequest(void)
{
- BYTE cmd[5];
+ uint8_t cmd[5];
- WORD crc;
+ uint16_t crc;
// one sub-carrier, inventory, 1 slot, fast rate
// AFI is at bit 5 (1<<4) when doing an INVENTORY
cmd[0] = (1 << 2) | (1 << 5) | (1 << 1);
CodeIso15693AsReader(cmd, sizeof(cmd));
}
-static void __attribute__((unused)) BuildSysInfoRequest(BYTE *uid)
+static void __attribute__((unused)) BuildSysInfoRequest(uint8_t *uid)
{
- BYTE cmd[12];
+ uint8_t cmd[12];
- WORD crc;
+ uint16_t crc;
// If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block
// followed by teh block data
// one sub-carrier, inventory, 1 slot, fast rate
CodeIso15693AsReader(cmd, sizeof(cmd));
}
-static void BuildSelectRequest( BYTE uid[])
+static void BuildSelectRequest( uint8_t uid[])
{
// uid[6]=0x31; // this is getting ignored - the uid array is not happening...
- BYTE cmd[12];
+ uint8_t cmd[12];
- WORD crc;
+ uint16_t crc;
// one sub-carrier, inventory, 1 slot, fast rate
//cmd[0] = (1 << 2) | (1 << 5) | (1 << 1); // INVENTROY FLAGS
cmd[0] = (1 << 4) | (1 << 5) | (1 << 1); // Select and addressed FLAGS
CodeIso15693AsReader(cmd, sizeof(cmd));
}
-static void __attribute__((unused)) BuildReadBlockRequest(BYTE *uid, BYTE blockNumber )
+static void __attribute__((unused)) BuildReadBlockRequest(uint8_t *uid, uint8_t blockNumber )
{
- BYTE cmd[13];
+ uint8_t cmd[13];
- WORD crc;
+ uint16_t crc;
// If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block
// followed by teh block data
// one sub-carrier, inventory, 1 slot, fast rate
CodeIso15693AsReader(cmd, sizeof(cmd));
}
-static void __attribute__((unused)) BuildReadMultiBlockRequest(BYTE *uid)
+static void __attribute__((unused)) BuildReadMultiBlockRequest(uint8_t *uid)
{
- BYTE cmd[14];
+ uint8_t cmd[14];
- WORD crc;
+ uint16_t crc;
// If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block
// followed by teh block data
// one sub-carrier, inventory, 1 slot, fast rate
CodeIso15693AsReader(cmd, sizeof(cmd));
}
-static void __attribute__((unused)) BuildArbitraryRequest(BYTE *uid,BYTE CmdCode)
+static void __attribute__((unused)) BuildArbitraryRequest(uint8_t *uid,uint8_t CmdCode)
{
- BYTE cmd[14];
+ uint8_t cmd[14];
- WORD crc;
+ uint16_t crc;
// If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block
// followed by teh block data
// one sub-carrier, inventory, 1 slot, fast rate
CodeIso15693AsReader(cmd, sizeof(cmd));
}
-static void __attribute__((unused)) BuildArbitraryCustomRequest(BYTE uid[], BYTE CmdCode)
+static void __attribute__((unused)) BuildArbitraryCustomRequest(uint8_t uid[], uint8_t CmdCode)
{
- BYTE cmd[14];
+ uint8_t cmd[14];
- WORD crc;
+ uint16_t crc;
// If we set the Option_Flag in this request, the VICC will respond with the secuirty status of the block
// followed by teh block data
// one sub-carrier, inventory, 1 slot, fast rate
static void BuildInventoryResponse(void)
{
- BYTE cmd[12];
+ uint8_t cmd[12];
- WORD crc;
+ uint16_t crc;
// one sub-carrier, inventory, 1 slot, fast rate
// AFI is at bit 5 (1<<4) when doing an INVENTORY
cmd[0] = 0; //(1 << 2) | (1 << 5) | (1 << 1);
//-----------------------------------------------------------------------------
// Transmit the command (to the tag) that was placed in ToSend[].
//-----------------------------------------------------------------------------
-static void TransmitTo15693Tag(const BYTE *cmd, int len, int *samples, int *wait)
+static void TransmitTo15693Tag(const uint8_t *cmd, int len, int *samples, int *wait)
{
int c;
// c++;
// }
// if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
-// volatile DWORD r = AT91C_BASE_SSC->SSC_RHR;
+// volatile uint32_t r = AT91C_BASE_SSC->SSC_RHR;
// (void)r;
// }
// WDT_HIT();
}
}
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
- volatile DWORD r = AT91C_BASE_SSC->SSC_RHR;
+ volatile uint32_t r = AT91C_BASE_SSC->SSC_RHR;
(void)r;
}
WDT_HIT();
//-----------------------------------------------------------------------------
// Transmit the command (to the reader) that was placed in ToSend[].
//-----------------------------------------------------------------------------
-static void TransmitTo15693Reader(const BYTE *cmd, int len, int *samples, int *wait)
+static void TransmitTo15693Reader(const uint8_t *cmd, int len, int *samples, int *wait)
{
int c;
}
}
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
- volatile DWORD r = AT91C_BASE_SSC->SSC_RHR;
+ volatile uint32_t r = AT91C_BASE_SSC->SSC_RHR;
(void)r;
}
WDT_HIT();
*samples = (c + *wait) << 3;
}
-static int GetIso15693AnswerFromTag(BYTE *receivedResponse, int maxLen, int *samples, int *elapsed)
+static int GetIso15693AnswerFromTag(uint8_t *receivedResponse, int maxLen, int *samples, int *elapsed)
{
int c = 0;
- BYTE *dest = (BYTE *)BigBuf;
+ uint8_t *dest = (uint8_t *)BigBuf;
int getNext = 0;
- SBYTE prev = 0;
+ int8_t prev = 0;
// NOW READ RESPONSE
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
AT91C_BASE_SSC->SSC_THR = 0x43;
}
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
- SBYTE b;
- b = (SBYTE)AT91C_BASE_SSC->SSC_RHR;
+ int8_t b;
+ b = (int8_t)AT91C_BASE_SSC->SSC_RHR;
// The samples are correlations against I and Q versions of the
// tone that the tag AM-modulates, so every other sample is I,
// every other is Q. We just want power, so abs(I) + abs(Q) is
// close to what we want.
if(getNext) {
- SBYTE r;
+ int8_t r;
if(b < 0) {
r = -b;
r += prev;
}
- dest[c++] = (BYTE)r;
+ dest[c++] = (uint8_t)r;
if(c >= 2000) {
break;
i = maxPos + arraylen(FrameSOF)/skip;
- BYTE outBuf[20];
+ uint8_t outBuf[20];
memset(outBuf, 0, sizeof(outBuf));
- BYTE mask = 0x01;
+ uint8_t mask = 0x01;
for(;;) {
int corr0 = 0, corr1 = 0, corrEOF = 0;
for(j = 0; j < arraylen(Logic0); j += skip) {
DbpString("error, uneven octet! (discard extra bits!)");
/// DbpString(" mask=%02x", mask);
}
-// BYTE str1 [8];
+// uint8_t str1 [8];
// itoa(k,str1);
// strcat(str1," octets read");
}
// Now the GetISO15693 message from sniffing command
-static int GetIso15693AnswerFromSniff(BYTE *receivedResponse, int maxLen, int *samples, int *elapsed)
+static int GetIso15693AnswerFromSniff(uint8_t *receivedResponse, int maxLen, int *samples, int *elapsed)
{
int c = 0;
- BYTE *dest = (BYTE *)BigBuf;
+ uint8_t *dest = (uint8_t *)BigBuf;
int getNext = 0;
- SBYTE prev = 0;
+ int8_t prev = 0;
// NOW READ RESPONSE
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER_RX_XCORR);
AT91C_BASE_SSC->SSC_THR = 0x43;
}
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
- SBYTE b;
- b = (SBYTE)AT91C_BASE_SSC->SSC_RHR;
+ int8_t b;
+ b = (int8_t)AT91C_BASE_SSC->SSC_RHR;
// The samples are correlations against I and Q versions of the
// tone that the tag AM-modulates, so every other sample is I,
// every other is Q. We just want power, so abs(I) + abs(Q) is
// close to what we want.
if(getNext) {
- SBYTE r;
+ int8_t r;
if(b < 0) {
r = -b;
r += prev;
}
- dest[c++] = (BYTE)r;
+ dest[c++] = (uint8_t)r;
if(c >= 20000) {
break;
i = maxPos + arraylen(FrameSOF)/skip;
- BYTE outBuf[20];
+ uint8_t outBuf[20];
memset(outBuf, 0, sizeof(outBuf));
- BYTE mask = 0x01;
+ uint8_t mask = 0x01;
for(;;) {
int corr0 = 0, corr1 = 0, corrEOF = 0;
for(j = 0; j < arraylen(Logic0); j += skip) {
DbpString("error, uneven octet! (discard extra bits!)");
/// DbpString(" mask=%02x", mask);
}
-// BYTE str1 [8];
+// uint8_t str1 [8];
// itoa(k,str1);
// strcat(str1," octets read");
void AcquireRawAdcSamplesIso15693(void)
{
int c = 0;
- BYTE *dest = (BYTE *)BigBuf;
+ uint8_t *dest = (uint8_t *)BigBuf;
int getNext = 0;
- SBYTE prev = 0;
+ int8_t prev = 0;
BuildIdentifyRequest();
}
}
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
- volatile DWORD r = AT91C_BASE_SSC->SSC_RHR;
+ volatile uint32_t r = AT91C_BASE_SSC->SSC_RHR;
(void)r;
}
WDT_HIT();
AT91C_BASE_SSC->SSC_THR = 0x43;
}
if(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
- SBYTE b;
- b = (SBYTE)AT91C_BASE_SSC->SSC_RHR;
+ int8_t b;
+ b = (int8_t)AT91C_BASE_SSC->SSC_RHR;
// The samples are correlations against I and Q versions of the
// tone that the tag AM-modulates, so every other sample is I,
// every other is Q. We just want power, so abs(I) + abs(Q) is
// close to what we want.
if(getNext) {
- SBYTE r;
+ int8_t r;
if(b < 0) {
r = -b;
r += prev;
}
- dest[c++] = (BYTE)r;
+ dest[c++] = (uint8_t)r;
if(c >= 2000) {
break;
// Simulate an ISO15693 reader, perform anti-collision and then attempt to read a sector
// all demodulation performed in arm rather than host. - greg
//-----------------------------------------------------------------------------
-void ReaderIso15693(DWORD parameter)
+void ReaderIso15693(uint32_t parameter)
{
LED_A_ON();
LED_B_ON();
//DbpString(parameter);
- //BYTE *answer0 = (((BYTE *)BigBuf) + 3560); // allow 100 bytes per reponse (way too much)
- BYTE *answer1 = (((BYTE *)BigBuf) + 3660); //
- BYTE *answer2 = (((BYTE *)BigBuf) + 3760);
- BYTE *answer3 = (((BYTE *)BigBuf) + 3860);
- //BYTE *TagUID= (((BYTE *)BigBuf) + 3960); // where we hold the uid for hi15reader
+ //uint8_t *answer0 = (((uint8_t *)BigBuf) + 3560); // allow 100 bytes per reponse (way too much)
+ uint8_t *answer1 = (((uint8_t *)BigBuf) + 3660); //
+ uint8_t *answer2 = (((uint8_t *)BigBuf) + 3760);
+ uint8_t *answer3 = (((uint8_t *)BigBuf) + 3860);
+ //uint8_t *TagUID= (((uint8_t *)BigBuf) + 3960); // where we hold the uid for hi15reader
// int answerLen0 = 0;
int answerLen1 = 0;
int answerLen2 = 0;
// FIRST WE RUN AN INVENTORY TO GET THE TAG UID
// THIS MEANS WE CAN PRE-BUILD REQUESTS TO SAVE CPU TIME
- BYTE TagUID[7]; // where we hold the uid for hi15reader
+ uint8_t TagUID[7]; // where we hold the uid for hi15reader
// BuildIdentifyRequest();
// //TransmitTo15693Tag(ToSend,ToSendMax+3,&tsamples, &wait);
// Simulate an ISO15693 TAG, perform anti-collision and then print any reader commands
// all demodulation performed in arm rather than host. - greg
//-----------------------------------------------------------------------------
-void SimTagIso15693(DWORD parameter)
+void SimTagIso15693(uint32_t parameter)
{
LED_A_ON();
LED_B_ON();
LED_C_OFF();
LED_D_OFF();
- BYTE *answer1 = (((BYTE *)BigBuf) + 3660); //
+ uint8_t *answer1 = (((uint8_t *)BigBuf) + 3660); //
int answerLen1 = 0;
// Blank arrays